From owner-freebsd-arch@freebsd.org Tue Mar 8 14:00:59 2016 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0D6DAC7C11 for ; Tue, 8 Mar 2016 14:00:59 +0000 (UTC) (envelope-from admin@www.doska.ru) Received: from vm9851.vps.agava.net (vm9851.vps.agava.net [IPv6:2a03:4900:2:653::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 63D53DCE for ; Tue, 8 Mar 2016 14:00:59 +0000 (UTC) (envelope-from admin@www.doska.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=www.doska.ru; s=dkim; h=Sender:Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Subject:To:From:Message-ID; bh=1YZeenoZ3LBRs1AbU1L7t9G/OS23edFf/HEzS5Q0BCQ=; b=UZ+KbVU1tTrMzLfQg/sMuL6exvXyDWR6t3pm7zLXAi25CO5NiW90NVoIXD+Mo5B2bZUs1BDKkNExBIJSHr4mAvvqukMu5mOgnosqujoryGvE0kwF1pK75LUOfROFHNYrT6dnKKMScsUMD1io4OOI6+SnpWK0c2465YAAirYQDUA=; Received: by vm9851.vps.agava.net with esmtpa (Exim 4.72) id 1adIC1-00074W-Ab; Tue, 08 Mar 2016 17:00:57 +0300 Message-ID: <82783181EC381FEC30357CCC58158887@jmqweuigr3quyr8q3rq8trq> From: "admin" <349599@ukr.net> To: Subject: =?windows-1251?B?3evl6vLw7u3t++Ug4ejn7eXxIPHv8ODi7vft?= =?windows-1251?B?6OroIOgg4eDn+yDk4O3t+/U=?= Date: Tue, 8 Mar 2016 16:03:21 +0200 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Sender: admin@www.doska.ru MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1251" X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Mar 2016 14:00:59 -0000 From owner-freebsd-arch@freebsd.org Tue Mar 8 15:00:28 2016 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4788EAC7E16 for ; Tue, 8 Mar 2016 15:00:28 +0000 (UTC) (envelope-from admin@infosliv.club) Received: from vm9850.vps.agava.net (vm9850.vps.agava.net [80.78.243.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E5458272 for ; Tue, 8 Mar 2016 15:00:27 +0000 (UTC) (envelope-from admin@infosliv.club) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infosliv.club; s=dkim; h=Sender:Content-Type:MIME-Version:Date:Subject:To:From:Message-ID; bh=KY8qMpeqz0kl2wrOtltRS5qh+lO7kBD49k+peAylHug=; b=ahgGfbzaLZicQ2grP8br7EBimUBYDnwj+j4g0i4XbmUIV8fvkvG9x/lEQbcdsNUlm9UOVHxB2u4yCRbNKIvJquq09sRQg8UuRU25mimnnYaHdNTgzUtdqBXsl8Nyk/bQ1Y7m5+BAvwcTIsEbP/Dyn54UEqDODaj34I0oSvj214M=; Received: by vm9850.vps.agava.net with esmtpa (Exim 4.72) id 1adJ6Y-0007nc-AK; Tue, 08 Mar 2016 17:59:22 +0300 Message-ID: From: "admin" <932082@ukr.net> To: Subject: =?windows-1251?B?0OXq6+Ds4CDC4Pjl4+4g4ejn7eXx4CDo6+gg?= =?windows-1251?B?8/Hr8+Mg7+4g4+7w7uTg7CDT6vDg6O37?= Date: Tue, 8 Mar 2016 17:01:44 +0200 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Sender: admin@infosliv.club Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Mar 2016 15:00:28 -0000 =C7=E4=F0=E0=E2=F1=F2=E2=F3=E9=F2=E5! =CF=F0=E5=E4=EB=E0=E3=E0=E5=EC =F3=F1=EB=F3=E3=E8 =EF=EE =E4=EE=F1=F2=E0=E2= =EA=E5 =FD=EB=E5=EA=F2=F0=EE=ED=ED=EE=E9 =EF=EE=F7=F2=FB =EF=EE =EE=E1=EB= =E0=F1=F2=ED=FB=EC =E3=EE=F0=EE=E4=E0=EC =D3=EA=F0=E0=E8=ED=FB. =CA=EE=EB=E8=F7=E5=F1=F2=E2=E0 =E0=E4=F0=E5=F1=E0=F2=EE=E2 =EC=EE=E3=F3=F2= =EE=F2=EB=E8=F7=E0=F2=F1=FF =EE=F2 =F3=EA=E0=E7=E0=ED=ED=FB=F5 =E2 =F2=E0= =E1=EB=E8=F6=E5 =E2 =E7=E0=E2=E8=F1=E8=EC=EE=F1=F2=E8 =EE=F2 =EE=E1=ED=EE= =E2=EB=E5=ED=E8=E9, =EF=F0=E8 =EA=E0=E6=E4=EE=EC =E7=E0=E1=F0=EE=F8=E5=ED=ED=FB=E5 =FF=F9=E8=EA= =E8 =F3=E4=E0=EB=FF=FE=F2=F1=FF =E8 =E4=EE=E1=E0=E2=EB=FF=FE=F2=F1=FF =ED= =EE=E2=FB=E5. =D2=E0=EA =E6=E5 =EF=F0=EE=E2=EE=E4=E8=EC =F0=E0=F1=F1=FB=EB=EA=E8 =EF=EE= =F1=F2=F0=E0=ED=E0=EC =D1=CD=C3 =E8 =E7=E0=F0=F3=E1=E5=E6=FC=FF (=EA=EE=EB= =E8=F7=E5=F1=F2=E2=EE =E8 =F1=F2=EE=E8=EC=EE=F1=F2=FC =F3=F2=EE=F7=ED=FF=E9= =F2=E5). =CD=E0=F1=E5=EB=E5=ED=ED=FB=E9 =EF=F3=ED=EA=F2 =CA=EE=EB=E8=F7=E5=F1=F2=E2= =EE\=F1=F2=EE=E8=EC=EE=F1=F2=FC=CE=E1=EB=E0=F1=F2=FC =CA=EE=EB=E8=F7=E5=F1= =F2=E2=EE\=F1=F2=EE=E8=EC=EE=F1=F2=FC =C2=C8=CD=CD=C8=D6=C089426 - 250 =E3=F0=ED.=C2=E8=ED=ED=E8=F6=EA=E0=FF =EE= =E1=EB=E0=F1=F2=FC125375 - 350 =E3=F0=ED =C4=CD=C5=CF=D0=CE=CF=C5=D2=D0=CE=C2=D1=CA140749 - 350 =E3=F0=ED=C4=ED=E5= =EF=F0=EE=EF=E5=F2=F0=EE=E2=F1=EA=E0=FF =EE=E1=EB=E0=F1=F2=FC210648 - 400= =E3=F0=ED =C4=CE=CD=C5=D6=CA115478 - 300 =E3=F0=ED=C4=EE=ED=E5=F6=EA=E0=FF =EE=E1=EB= =E0=F1=F2=FC197473 - 400 =E3=F0=ED =C6=C8=D2=CE=CC=C8=D086264 - 250 =E3=F0=ED=C6=E8=F2=EE=EC=E8=F0=F1=EA=E0=FF= =EE=E1=EB=E0=F1=F2=FC135276 - 350 =E3=F0=ED =C7=C0=CF=CE=D0=CE=C6=DC=C568395 - 200 =E3=F0=ED=C7=E0=EF=EE=F0=EE=E6=F1=EA= =E0=FF =EE=E1=EB=E0=F1=F2=FC97356 - 300 =E3=F0=ED =C8=C2=C0=CD=CE-=D4=D0=C0=CD=CA=CE=C2=D1=CA59367 - 200 =E3=F0=ED=C8=E2=E0= =ED=EE-=D4=F0=E0=ED=EA=EE=E2=F1=EA=E0=FF =EE=E1=EB=E0=F1=F2=FC86467 - 250= =E3=F0=ED =CA=C8=C5=C2 (=F4=E8=E7 =EB=E8=F6=E0)635286 - 550 =E3=F0=ED=CA=E8=E5=E2=F1= =EA=E0=FF =EE=E1=EB=E0=F1=F2=FC974164 - 650 =E3=F0=ED =CA=C8=C5=C2 (=EF=F0=E5=E4=EF=F0=E8=FF=F2=E8=FF)34286 - 200 =E3=F0=ED=CA=E8= =E5=E2=F1=EA=E0=FF =EE=E1=EB=E0=F1=F2=FC51639 - 300 =E3=F0=ED =CA=C8=D0=CE=C2=CE=C3=D0=C0=C456934 - 200 =E3=F0=ED=CA=E8=F0=EE=E2=EE=E3=F0= =E0=E4=F1=EA=E0=FF =EE=E1=EB=E0=F1=F2=FC79364 - 250 =E3=F0=ED =CB=D3=C3=C0=CD=D1=CA67385 - 250 =E3=F0=ED=CB=F3=E3=E0=ED=F1=EA=E0=FF =EE= =E1=EB=E0=F1=F2=FC91454 - 300 =E3=F0=ED =CB=D3=D6=CA48367 - 200 =E3=F0=ED=C2=EE=EB=FB=ED=F1=EA=E0=FF =EE=E1=EB=E0= =F1=F2=FC78539 - 250 =E3=F0=ED =CB=DC=C2=CE=C282629 - 250 =E3=F0=ED=CB=FC=E2=EE=E2=F1=EA=E0=FF =EE=E1=EB= =E0=F1=F2=FC126492 - 350 =E3=F0=ED =CD=C8=CA=CE=CB=C0=C5=C251537 - 250 =E3=F0=ED=CD=E8=EA=EE=EB=E0=E5=E2=F1=EA= =E0=FF =EE=E1=EB=E0=F1=F2=FC94175 - 300 =E3=F0=ED =CE=C4=C5=D1=D1=C0126385 - 350 =E3=F0=ED=CE=E4=E5=F1=F1=EA=E0=FF =EE=E1=EB= =E0=F1=F2=FC185473 - 400 =E3=F0=ED =CF=CE=CB=D2=C0=C2=C042856 - 200 =E3=F0=ED=CF=EE=EB=F2=E0=E2=F1=EA=E0=FF = =EE=E1=EB=E0=F1=F2=FC74275 - 250 =E3=F0=ED =D0=CE=C2=CD=CE75385 - 250 =E3=F0=ED=D0=EE=E2=E5=ED=F1=EA=E0=FF =EE=E1=EB= =E0=F1=F2=FC102658 - 300 =E3=F0=ED =D1=C5=C2=C0=D1=D2=CE=CF=CE=CB=DC54285 - 200 =E3=F0=ED=CA=F0=FB=EC97462 -= 300 =E3=F0=ED =D1=C8=CC=D4=C5=D0=CE=CF=CE=CB=DC45286 - 200 =E3=F0=ED=CA=F0=FB=EC97462 -= 300 =E3=F0=ED =D1=D3=CC=DB58356 - 200 =E3=F0=ED=D1=F3=EC=F1=EA=E0=FF =EE=E1=EB=E0=F1=F2= =FC89462 - 300 =E3=F0=ED =D2=C5=D0=CD=CE=CF=CE=CB=DC39271 - 200 =E3=F0=ED=D2=E5=F0=ED=EE=EF=EE=EB=FC= =F1=EA=E0=FF =EE=E1=EB=E0=F1=F2=FC69357 - 250 =E3=F0=ED =D3=C6=C3=CE=D0=CE=C447173 - 200 =E3=F0=ED=C7=E0=EA=E0=F0=EF=E0=F2=F1=EA=E0= =FF =EE=E1=EB=E0=F1=F2=FC72591 - 250 =E3=F0=ED =D5=C0=D0=DC=CA=CE=C2147286 - 350 =E3=F0=ED=D5=E0=F0=FC=EA=EE=E2=F1=EA=E0= =FF =EE=E1=EB=E0=F1=F2=FC205375 - 400 =E3=F0=ED =D5=C5=D0=D1=CE=CD97290 - 300 =E3=F0=ED=D5=E5=F0=F1=EE=ED=F1=EA=E0=FF =EE= =E1=EB=E0=F1=F2=FC121759 - 350 =E3=F0=ED =D5=CC=C5=CB=DC=CD=C8=D6=CA=C8=C984677 - 250 =E3=F0=ED=D5=EC=E5=EB=FC=ED=E8= =F6=EA=E0=FF =EE=E1=EB=E0=F1=F2=FC110475 - 300 =E3=F0=ED =D7=C5=D0=CA=C0=D1=D1=DB45289 - 200 =E3=F0=ED=D7=E5=F0=EA=E0=F1=F1=EA=E0=FF= =EE=E1=EB=E0=F1=F2=FC71492 - 250 =E3=F0=ED =D7=C5=D0=CD=C8=C3=CE=C268438 - 250 =E3=F0=ED=D7=E5=F0=ED=E8=E3=EE=E2=F1=EA= =E0=FF =EE=E1=EB=E0=F1=F2=FC84296 - 300 =E3=F0=ED =D7=C5=D0=CD=CE=C2=D6=DB44287 - 200 =E3=F0=ED=D7=E5=F0=ED=EE=E2=E8=F6=EA=E0= =FF =EE=E1=EB=E0=F1=F2=FC61731 - 250 =E3=F0=ED =D0=E0=F1=F1=FB=EB=EA=E0 =EF=EE =E2=F1=E5=E9 =E1=E0=E7=E5 =D3=EA=F0=E0=E8= =ED=FB =F1=F2=EE=E8=F2 13OO =E3=F0=ED. =CE=E1=F0=E0=F9=E0=E5=EC =C2=E0=F8=E5 =E2=ED=E8=EC=E0=ED=E8=E5 - =EC=E0=EA= =E5=F2=FB =F1=EE=E4=E5=F0=E6=E0=F9=E8=E5 =EF=EE=F0=ED=EE, =E0=E3=E8=F2=E8= =F0=F3=FE=F9=E8=E5 =EA =ED=E0=F1=E8=EB=E8=FE =E8 =EF=F0=EE=F2=E8=E2=EE=F0=E5=F7=E0=F9=E8=E5 =E4=E5=E9=F1=F2=E2=F3=FE=F9=E5= =EC=F3 =E7=E0=EA=EE=ED=EE=E4=E0=F2=E5=EB=FC=F1=F2=E2=F3 =D3=EA=F0=E0=E8=ED= =FB, =EA =F0=E0=F1=F1=FB=EB=EA=E5 =ED=E5 =EF=F0=E8=ED=E8=EC=E0=FE=F2=F1=FF= . =D2=E0=EA =E6=E5 =EF=F0=E5=E4=EB=E0=E3=E0=E5=EC =F0=E0=E7=EB=E8=F7=ED=FB=E5= =E1=E0=E7=FB =E4=E0=ED=ED=FB=F5 =E8 =F1=EF=F0=E0=E2=EE=F7=ED=E8=EA=E8, =EF= =F0=E0=E9=F1 =E2=FB=F1=FB=EB=E0=E5=EC =EF=EE =E7=E0=EF=F0=EE=F1=F3. =C2=CD=C8=CC=C0=CD=C8=C5! =CF=C8=D8=C8=D2=C5 =D2=CE=CB=DC=CA=CE =CD=C0 =D3= =CA=C0=C7=C0=CD=CD=DB=C9 =CD=C8=C6=C5 =C5=CC=C0=C8=CB =C0=C4=D0=C5=D1 =C8= =CB=C8 =C7=C2=CE=CD=C8=D2=C5 =CF=CE =D2=C5=CB=C5=D4=CE=CD=D3. =20 --- =D1 =F3=E2=E0=E6=E5=ED=E8=E5=EC =EE=F2=E4=E5=EB =F0=E5=EA=EB=E0=EC=FB =C2=EB=E0=E4=E8=EC=E8=F0 =C2=E8=EA=F2= =EE=F0=EE=E2=E8=F7 =F2=E5=EB: + 38063-637-4525 =F2=E5=F5=ED=E8=F7=E5=F1=EA=E8=E5 =E2=EE=EF=F0=EE=F1=FB =D1=E5=F0=E3=E5=E9= =C2=E0=EB=E5=F0=FC=E5=E2=E8=F7 =F2=E5=EB: + 38093-85599-27 mail: 932082@ukr.net skype: djinodjino74 icq: 653350891 =CE=D2=CF=C8=D1=C0=D2=DC=D1=DF =CE=D2 =D0=C0=D1=D1=DB=CB=CA=C8=CF=CE=C6= =C0=CB=CE=C2=C0=D2=DC=D1=DF =CD=C0 =D1=CF=C0=CC From owner-freebsd-arch@freebsd.org Thu Mar 10 15:51:27 2016 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2F438ACAAA7 for ; Thu, 10 Mar 2016 15:51:27 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 14AF4FF8 for ; Thu, 10 Mar 2016 15:51:27 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 139EDACAAA5; Thu, 10 Mar 2016 15:51:27 +0000 (UTC) Delivered-To: arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EDD5BACAAA3 for ; Thu, 10 Mar 2016 15:51:26 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 992A7FF5 for ; Thu, 10 Mar 2016 15:51:26 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id u2AFpL2F004924 (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Thu, 10 Mar 2016 17:51:21 +0200 (EET) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua u2AFpL2F004924 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id u2AFpLBk004923 for arch@freebsd.org; Thu, 10 Mar 2016 17:51:21 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Thu, 10 Mar 2016 17:51:21 +0200 From: Konstantin Belousov To: arch@freebsd.org Subject: Call for testing - ASLR patch Message-ID: <20160310155121.GA1741@kib.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Mar 2016 15:51:27 -0000 I have a small and straightforward yet feature-packed patch to implement ASLR for FreeBSD available for broader testing. The patch can be fetched from https://www.kib.kiev.ua/kib/aslr/aslr.5.patch . With this change, randomization is applied to all non-fixed mappings. By randomization I mean the base address for the mapping is selected with a guaranteed amount of entropy (bits). If the mapping was requested to be superpage aligned, the randomization honours the superpage attributes. The randomization is done on a best-effort basis - that is, the allocator falls back to a first fit strategy if fragmentation prevents entropy injection. It is trivial to implement a strong mode where failure to guarantee the requested amount of entropy results in mapping request failure, but I do not consider that to be usable. I have not fine-tuned the amount of entropy injected right now. It is only a quantitive change that will not change the implementation. The current amount is controlled by aslr_pages_rnd. To not spoil coalescing optimizations, to reduce the page table fragmentation inherent to ASLR, and to keep the transient superpage promotion for the malloced memory, the locality is implemented for anonymous private mappings, which are automatically grouped until fragmentation kicks in. The initial location for the anon group range is, of course, randomized. The default mode keeps the sbrk area unpopulated by other mappings, but this can be turned off, which gives much more breathing bits on the small AS architectures (funny that 32bits is considered small). This is tied with the question of following an application's hint about the mmap(2) base address. Testing shows that ignoring the hint does not affect the function of common applications, but I would expect more demanding code could break. By default sbrk is preserved and mmap hints are satisfied, which can be changed by using the kern.elf{32,64}.aslr_care_sbrk sysctl. Stack gap, W^X, shared page randomization, KASLR and other techniques are explicitely out of scope of this work. The paxtest results for the run with the patch applied and aggresively tuned can be seen at the https://www.kib.kiev.ua/kib/aslr/paxtest.log . For comparision, the run on Fedora 23 on the same machine is at https://www.kib.kiev.ua/kib/aslr/fedora.log . ASLR is enabled on per-ABI basis, and currently it is only enabled on native i386 and amd64 (including compat 32bit) ABIs. I expect to test and enable ASLR for armv6 and arm64 as well, later. The procctl(2) control for ASLR is implemented, by I have not provided a userspace wrapper around the syscall. In fact, the most reasonable control needed is per-image and not per-process, but we have no tradition to put the kernel-read attributes into the extattrs of binary, so I am still pondering that part and this also explains the non-written tool. Thanks to Oliver Pinter and Shawn Webb of the HardenedBSD project for pursuing ASLR for FreeBSD. Although this work is not based on theirs, it was inspired by their efforts. Thanks to Ed Maste, Robert Watson, John Baldwin, and Alan Cox for some discussions about the patch, and for The FreeBSD Foundation for directing me. From owner-freebsd-arch@freebsd.org Fri Mar 11 17:37:41 2016 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CE246ACBDD7 for ; Fri, 11 Mar 2016 17:37:41 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id B242BFDA for ; Fri, 11 Mar 2016 17:37:41 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [IPv6:::1]) by freefall.freebsd.org (Postfix) with ESMTP id ABE7C14DF for ; Fri, 11 Mar 2016 17:37:41 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 5FF3E1E0B4 for ; Fri, 11 Mar 2016 17:37:41 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id CEh9Sw_9bk9a for ; Fri, 11 Mar 2016 17:37:38 +0000 (UTC) To: "freebsd-arch@freebsd.org" DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com D958B1E0AF From: Bryan Drewery Subject: CHANGES file Openpgp: id=F9173CB2C3AAEA7A5C8A1F0935D771BB6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Organization: FreeBSD Message-ID: <56E30267.30009@FreeBSD.org> Date: Fri, 11 Mar 2016 09:37:43 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="rXVFvjo6HgSg9DOVkM1MP1MqtB5k9CxgG" X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2016 17:37:42 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --rXVFvjo6HgSg9DOVkM1MP1MqtB5k9CxgG Content-Type: multipart/mixed; boundary="4U3FcvogfHn0bAHcWffITFjqEvCBflLBq" From: Bryan Drewery To: "freebsd-arch@freebsd.org" Message-ID: <56E30267.30009@FreeBSD.org> Subject: CHANGES file --4U3FcvogfHn0bAHcWffITFjqEvCBflLBq Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable In ports we have an UPDATING file that is targeted at users and a CHANGES file that is targeted at developers regarding API changes. I would like to introduce a CHANGES file as it makes it simpler for developers to see what has changed without reading through all commit logs. This is of great benefit for module writers and vendors who may even have customized some of the code in the tree. Some examples of recent changes that are otherwise undocumented: 1. r295707 which introduced g_reset_bio() which *currently* is a wrapper around bzero, but may change. At Isilon we had >1 lines of our own code affected by this change and I feel lucky I noticed it rather than leaving it to someone to discover years from now when it matters. 2. A lot of my recent share/mk changes may cause grief for vendors (but not likely out-of-tree builds). 3. callout_stop(9) return value. Note I am not requesting every little KPI change be documented in here. I am only wanting to document ones where a change will break something for someone and no warning or error is given if they do nothing. Many API changes will cause a build error or warning while many do not as they are not expressible in C or not utilized by our style or captured by all compilers (like which return values are possible via enum). Unless someone objects for good reason I will create this file and encourage others to document their subtle changes in it. Of course it will not be 100% but it should be helpful nonetheless. --=20 Regards, Bryan Drewery --4U3FcvogfHn0bAHcWffITFjqEvCBflLBq-- --rXVFvjo6HgSg9DOVkM1MP1MqtB5k9CxgG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJW4wJnAAoJEDXXcbtuRpfPfFsIALKdigY9d2dR40a8beXCXOAn G3EBZLjzzYY6QiZUQRwLI+jQEspmQwAAVTWXtCyrIdKj2UyjCVBNkaElDQ+Y6sXn htUsRNJhW+FbcS9zqwmBn6w4Gb3AUYZw+AijeK+dBJdbA08y0YX4LL3kipNyfNlE ijA8Gb810pbU9KW/OyOV1c4QMXHBhLE7M8jCBrxH6p5qLUPy4s+VNvKSBdXlHLQz rstlqs/iZPRWmNmpERdy1wvfuoyG0XwVgakuZZHSo7gsyJk/YOhZHwgKEvjsBYNY MHLHyESXCXfT1TFry4XUP6pm0kYG966taTQsSLE8EwMFbij9Z0lK84HtpBboRUE= =BhfZ -----END PGP SIGNATURE----- --rXVFvjo6HgSg9DOVkM1MP1MqtB5k9CxgG-- From owner-freebsd-arch@freebsd.org Fri Mar 11 18:31:44 2016 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 41F46ACC345 for ; Fri, 11 Mar 2016 18:31:44 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-pa0-x234.google.com (mail-pa0-x234.google.com [IPv6:2607:f8b0:400e:c03::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1DDE2B2F; Fri, 11 Mar 2016 18:31:44 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: by mail-pa0-x234.google.com with SMTP id fe3so89447864pab.1; Fri, 11 Mar 2016 10:31:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=sugPkfb8fA8MBL6tDkl5VOTCKndGvxe+GUtRkYorgag=; b=JzFNftNN7A7leOi1EnhYz3LmSeH+vTSlZ7UhVa5PCaEea4CBxxf5MWyN6vl9s24o4R P6VXNFEFLQgxgpzvX67urCSP0QloMQkQQnuNQPeSRQuXOLUVP8mJLuXx/mzEpUgDQHaY nGM4WoqXzYjScOmxviSpJrtmXTxjiFin3JnOarEqiwsPlpBjzsjv0kGaOX+1K4MiJH5V EBbi0+Q3kSv/c0kq7BfHkbg129GxEvnzU7v1HQFkGbD94v7oo0tNmMUR6Bxt8at90u+2 HdCYj19BSHSFhKgBA+If+xyByjQgyFKkWUipnWFkpLfZuuSngdNEYOZ38t10gsaT7fM/ XGOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=sugPkfb8fA8MBL6tDkl5VOTCKndGvxe+GUtRkYorgag=; b=L7gx0LNanLpuTEQUu3N/8EBSSIe4oUkHy87N+rXtD0hlPSmwMeh9vMvSCLvYhkm/bk +uQ/x5qQS7M0FbckBYU7ilNTU4avLh1LTh4LpE4SbVlWmINO/aYHSmyRG0P+pepEGeVd w7sqsVEeWkwtRtskt2qYYYeB+IHcRApvTyT6ZXfl9K89znV2MNt5yLW5qI6Vx6Szx1r3 Za5reGEQ+GZAkmgNXiVmoihnZX2kXvMY7cuu8/3GJDIqE3mhrlFl+wW8u/2MskY9XIrD kakKgS9+/Rs1mly/tG9mP0wxGnFxE3JkOGfon/Ywj3Cka4xR2dlKKpBMTR5IBciBXndW iTWg== X-Gm-Message-State: AD7BkJI3nDkYvQ5EFobD1N4k6uQVdqBxF61g179iiTpOQY84SW4tAWmC/B40IRxgoAUPvw== X-Received: by 10.66.164.39 with SMTP id yn7mr17884925pab.107.1457721103535; Fri, 11 Mar 2016 10:31:43 -0800 (PST) Received: from wkstn-mjohnston.west.isilon.com (c-67-182-131-225.hsd1.wa.comcast.net. [67.182.131.225]) by smtp.gmail.com with ESMTPSA id sj4sm14525576pab.43.2016.03.11.10.31.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 11 Mar 2016 10:31:42 -0800 (PST) Sender: Mark Johnston Date: Fri, 11 Mar 2016 10:34:44 -0800 From: Mark Johnston To: Bryan Drewery Cc: "freebsd-arch@freebsd.org" Subject: Re: CHANGES file Message-ID: <20160311183444.GA53265@wkstn-mjohnston.west.isilon.com> References: <56E30267.30009@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <56E30267.30009@FreeBSD.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2016 18:31:44 -0000 On Fri, Mar 11, 2016 at 09:37:43AM -0800, Bryan Drewery wrote: > In ports we have an UPDATING file that is targeted at users and a > CHANGES file that is targeted at developers regarding API changes. > > I would like to introduce a CHANGES file as it makes it simpler for > developers to see what has changed without reading through all commit > logs. This is of great benefit for module writers and vendors who may > even have customized some of the code in the tree. +1 > > Some examples of recent changes that are otherwise undocumented: > > 1. r295707 which introduced g_reset_bio() which *currently* is a wrapper > around bzero, but may change. At Isilon we had >1 lines of our own code > affected by this change and I feel lucky I noticed it rather than > leaving it to someone to discover years from now when it matters. > 2. A lot of my recent share/mk changes may cause grief for vendors (but > not likely out-of-tree builds). > 3. callout_stop(9) return value. Some other recent examples: - DIOGDINFO removal - a proc_set_cred() call is now needed to set the p_ucred field of a process - callout_drain() return value - with INVARIANTS, default use of the "trash" destructor in UMA zones From owner-freebsd-arch@freebsd.org Fri Mar 11 21:16:31 2016 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A38E4ACC007 for ; Fri, 11 Mar 2016 21:16:31 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 71504800; Fri, 11 Mar 2016 21:16:31 +0000 (UTC) (envelope-from carpeddiem@gmail.com) Received: by mail-io0-x236.google.com with SMTP id m184so161263417iof.1; Fri, 11 Mar 2016 13:16:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=F6/bnuT0HZ5Xg3yLSQiLupi7L1Oy0KoPXwRoRm455QM=; b=dYw8FkxZ6XFCa3z9QKXDzJ9CwmlZWIqhSnkHCNmlFa0cPlIe3yCDPpech6wfvX9zrk GVXXSBelIZjzatRPI5jYDHWI/WiQNrhKUp/bpcfv/OXTmuDM3/2tzEO3AAsbDt7IPixM hNybuIRfzUPJWAsnygA5EaGR7nBGEHRK/weJ+nK31ujBWI67VZi1Kk9E3ECWwHaLrfBx CcCFG2+pp05mphRT49uJoZ8bvgQNPEMnqvWS5fY+sTu44Q3oQInIt+5V1/OSlt4A2aQj 1OWfe0KIfNDlQQyxIe/lhe0YHiEQN7bLAVdQH29II30P3HYAi+QqC7vi7IpwkOPWsDdq FHgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=F6/bnuT0HZ5Xg3yLSQiLupi7L1Oy0KoPXwRoRm455QM=; b=AvDnSqbF3cEUu6q1DbL9dZyGVRCH9H7j0v27we8gMjFvKmHnlJ32HCsGbhVulh5vBM J3TSpVN68dKmYUb8tlOwQvsmrQIJRB3dYI1PjeKsPEVdwP4SoZZWYLJ5Rkx52dU2KVxD 9YY+D9Mpi1nuG8UADJJfkVjoyZZxf+nX6Bjwb1yE3lSkPwUYpPaejeZ6MZU/MyOaH+Ma XLuj4yvT64w1Ax1jreu7pp6RR29WZ3NIkj4JdiDIARlEgO3MdLLF6KVAJ8uwSOVGM4cH hYlRG2DA9aBz+Tp77dxxQHGKdmXDmWeqwa86TwsgdrDRgpo/keznHPo53dYtsIU0k3kL zIHg== X-Gm-Message-State: AD7BkJLKNFoultjgmJ1griAtY92dzG4VB0X5iZ69jdaUx69tho7K4OOy2kj8DE5RClX1alRqVRCSJ1lWqYRoBA== X-Received: by 10.107.157.70 with SMTP id g67mr12175932ioe.38.1457730990822; Fri, 11 Mar 2016 13:16:30 -0800 (PST) MIME-Version: 1.0 Sender: carpeddiem@gmail.com Received: by 10.107.39.66 with HTTP; Fri, 11 Mar 2016 13:16:11 -0800 (PST) In-Reply-To: <56E30267.30009@FreeBSD.org> References: <56E30267.30009@FreeBSD.org> From: Ed Maste Date: Fri, 11 Mar 2016 16:16:11 -0500 X-Google-Sender-Auth: -eZVLRbs7-6Wmc6qqoTn_5zPNPU Message-ID: Subject: Re: CHANGES file To: Bryan Drewery Cc: "freebsd-arch@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2016 21:16:31 -0000 On 11 March 2016 at 12:37, Bryan Drewery wrote: > In ports we have an UPDATING file that is targeted at users and a > CHANGES file that is targeted at developers regarding API changes. > > I would like to introduce a CHANGES file as it makes it simpler for > developers to see what has changed without reading through all commit > logs. This is of great benefit for module writers and vendors who may > even have customized some of the code in the tree. Seems like a good idea to me. I worry that it will be forgotten on a number of changes, but that's no worse than today and can be remedied after the fact when a missing entry is noticed. From owner-freebsd-arch@freebsd.org Sat Mar 12 15:14:03 2016 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 16BA5ACEEB5 for ; Sat, 12 Mar 2016 15:14:03 +0000 (UTC) (envelope-from pkubaj@anongoth.pl) Received: from anongoth.pl (anongoth.pl [88.156.79.165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anongoth.pl", Issuer "Let's Encrypt Authority X1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C5DFC784 for ; Sat, 12 Mar 2016 15:14:02 +0000 (UTC) (envelope-from pkubaj@anongoth.pl) Received: from mail (unknown [127.0.1.10]) by anongoth.pl (Postfix) with ESMTP id 6866B61FB; Sat, 12 Mar 2016 16:13:51 +0100 (CET) X-Virus-Scanned: amavisd-new at anongoth.pl Received: from anongoth.pl ([127.0.1.10]) by mail (anongoth.pl [127.0.1.10]) (amavisd-new, port 10024) with LMTP id KvShEcsPDudG; Sat, 12 Mar 2016 16:13:43 +0100 (CET) Received: from [109.243.169.110] (user-109-243-169-110.play-internet.pl [109.243.169.110]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: pkubaj) by anongoth.pl (Postfix) with ESMTPSA id E5C6661EF; Sat, 12 Mar 2016 16:13:42 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=anongoth.pl; s=ANONGOTH; t=1457795623; bh=G6UtFX421bESoGocZvBy0+eLlFjAsjA8qp0xRHH+wps=; h=To:From:Subject:Date; b=JHY+AnC6DzIcNzkYfXktbrax2yDWR3xP1FOarzWC9Vt8F1/xZUjHfYfmmMOK6jnFO cXvsQeJ7NhhZtPWd38FuQX1FH2wJNqZJBdsBiifSGns37bJLt3TbjNmRl9bsutmLCE BVd7+cBryfND7X7fbK0+KU3RBGF/UF4W7eDODUzclM702tW3Vi3UuiizZ2ui18VVE6 JiDiM7RMFdE4lxDP2kVzKPak2TC8UrW+oSntunfQA+4qwB1/yAkEaY3ZS8F//01ecl PfOjEmNx4T67BOw+GIbGvYOT8VCwzfGGOXAy77u/ZbkcZUNOV2/C1iNmFoqjkrXB/b qVL3VmAVXqftg== To: freebsd-arch@freebsd.org, kostikbel@gmail.com From: Piotr Kubaj Subject: Re: Call for testing - ASLR patch Message-ID: <56E43224.5020006@anongoth.pl> Date: Sat, 12 Mar 2016 16:13:40 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Mar 2016 15:14:03 -0000 Thanks, it seems that the topic I had created a few days ago brings fruites now :) Anyway, does this patch work with stable/10? I could upgrade to head, but would like to wait for stable/11.